We have expertise in collecting Evidence
The need for expertise in digital evidence collection is being driven by a rapidly changing computing environment.
Evidence handling is one of the most important aspects of the expanding field of computer forensics. Constant innovation in technology keeps best practices in flux as they adapt to industry needs. One of the more recent shifts in evidence handling has been the move away from simply “pulling the plug” as the first step in evidence collection toward methodologies that acquire evidence “live” from the running suspect computer. Pulling the plug destroys the most volatile evidence (register and cache contents, RAM, running processes, open network connections) and, where an encrypted volume is mounted, can leave its contents unreadable once power is lost.
We have expertise in collecting evidence from:
Network traffic (live capture and analysis).
CPU, cache and register contents.
Routing table, ARP cache, process table and kernel statistics.
Temporary file systems and swap space.
Data on hard disk.
Remotely logged data.
Data held on archival media.
Recovery of erased or altered data.
Forensic analysis of transmission logs and firewall filter rules.
The sources are listed roughly from most to least volatile; those that vanish on power loss must be captured first.
The computing environment that drives this shift:
Applications are installed from removable media such as a USB stick and run virtualized in RAM, leaving no trace on the hard disk.
Rootkits hide processes from the underlying operating system and from its local tools (binaries); memory must therefore be analyzed with trusted binaries brought by the examiner.
Malware is fully RAM-resident, with no trace of its existence on the hard disk.
Users regularly use covert or hidden encrypted files or partitions, areas of the hard drive set aside to hide evidence.
Popular web browsers offer the user the ability to cover their tracks: log files of user activity are created but deleted when the browser is closed.
Web 2.0 continues to change the landscape, with web-based email, blogs, wikis and Twitter extending the storage of user actions and communications beyond the traditional hard disk found on the user's machine.
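As an added example (not the page's own tooling), the following POSIX shell collector ties the two points above together: it walks the volatile sources from the evidence list most-volatile-first, in the order of volatility described in RFC 3227, runs every command from a trusted toolkit path rather than the suspect host's binaries, and records a SHA-256 digest and UTC timestamp for every artifact in a manifest so the collection can later be verified for chain of custody. The toolkit path /mnt/ir/bin, the artifact names and the particular commands are assumptions; adjust them to the target platform (for example `ip neigh` on a modern Linux host instead of `arp`).

```shell
#!/bin/sh
# Added example: live volatile-data collection in order of volatility, using
# binaries from a trusted toolkit and hashing every artifact into a manifest.
# TRUSTED_BIN, the artifact names and the command list are assumptions.

# Assumption: the responder's statically linked toolkit is mounted read-only
# at $TRUSTED_BIN (for example a USB stick). It is searched first so the
# suspect host's own, possibly rootkit-replaced, binaries are not used when a
# trusted copy exists. For a strict engagement set PATH to $TRUSTED_BIN only.
TRUSTED_BIN="${TRUSTED_BIN:-/mnt/ir/bin}"
PATH="$TRUSTED_BIN:$PATH"
export PATH

# SHA-256 of a file; prefers sha256sum and falls back to shasum (macOS/BSD).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Run one collector: $1 is the artifact name, the rest is the command line.
# Output goes to $OUT/<name>.txt. A missing tool is recorded, not fatal, so
# the collection keeps moving down the volatility list.
collect() {
    name="$1"; shift
    if command -v "$1" >/dev/null 2>&1; then
        "$@" > "$OUT/$name.txt" 2>&1 || true
    else
        printf 'tool not available: %s\n' "$1" > "$OUT/$name.txt"
    fi
    printf '%s  %s  %s\n' "$(hash_file "$OUT/$name.txt")" \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$name.txt" >> "$OUT/MANIFEST.sha256"
}

# Collect into the given directory, most volatile first, and print the
# digest of the finished manifest so it can be written into the case notes.
live_collect() {
    OUT="$1"
    mkdir -p "$OUT"
    : > "$OUT/MANIFEST.sha256"
    collect 00_date        date -u          # start of collection window
    collect 01_uptime      uptime
    collect 02_kernel      uname -a
    collect 03_users       who
    collect 04_processes   ps -ef           # process table
    collect 05_netstat     netstat -an      # open connections and listeners
    collect 06_arp         arp -an          # ARP cache
    collect 07_routes      netstat -rn      # routing table
    collect 08_mounts      mount            # mounted (possibly encrypted) volumes
    collect 09_modules     lsmod            # loaded kernel modules
    collect 10_ifconfig    ifconfig -a
    collect 99_date_end    date -u          # end of collection window
    hash_file "$OUT/MANIFEST.sha256"
}

# Re-hash every artifact listed in the manifest; returns 0 only if none changed.
verify_manifest() {
    OUT="$1"
    status=0
    while read -r digest _ts fname; do
        if [ "$(hash_file "$OUT/$fname")" != "$digest" ]; then
            echo "MODIFIED: $fname"
            status=1
        fi
    done < "$OUT/MANIFEST.sha256"
    return $status
}
```

Run `live_collect /mnt/evidence/case-123` from the toolkit's shell, write the printed manifest digest into the case notes, and rerun `verify_manifest` on the copy handed to the analyst; any artifact whose digest no longer matches is reported as modified. The collection itself necessarily alters the host (new processes, a written output directory), so the output directory should be on the examiner's own media and the start and end timestamps should be kept as the record of what was touched and when.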